1. Field of the Invention
This invention relates generally to communication between a plurality of network domains or zones, and more particularly to network platforms and apparatus, systems, and methods that utilize or employ internetworking platforms to provide cyber security protection across security zones typically having different levels of security therebetween.
2. Description of the Related Art
The architecture of modern industrial operations, such as that found in modern oil and gas field applications, is enabled at the field-level, process-level, application-level, system-level, and plant-level by various networked devices. These devices monitor, control, and collect data, such as measurements, reflective of the operations of the automated process. These devices are connected to or in communication with electronic devices and machines known as controllers that operate at different levels to process the data collected and issue commands back to, or to other, networked devices.
In a typical configuration, these components form plant networks and systems. The more mission-critical remote or local plants, facilities, systems, networks, applications, controllers, computers or other data management devices, sensors or other data collecting or transmitting devices including I/O devices, equipment (things), and/or other assets are located in what can be termed a mission-critical Secured Zone (SZ). These industrial networks and systems can be connected to multiple networks within the SZ or to non-mission-critical networks external to the facility, such as a corporate or other enterprise network, located within a Less Secured Zone (LSZ) having less cyber security, which may also be connected to public networks such as the Internet. This makes such “industrial networks” extremely susceptible to external cyber attacks and other security threats. Such cyber attacks can result in, among other things, a “loss of view” and/or a “loss of control” of individual components or entire network or system structures. A loss of view occurs when the user/automated controller is unable to access a system, either partially or fully, and thus has no view of the process operation. A loss of control occurs when the user/automated controller is unable to send and/or receive control messages to the process control system to invoke a function and/or a procedure.
Cyber security measures applied to communication between such mission-critical industrial networks and systems have taken the form of those applied to Information Technology (IT) systems, arguably because known conventional intra-network deployments require full Internet Protocol (IP) communication end-to-end between the data source and destination. Other methodologies include the employment of a Firewall and/or DMZ between the SZ and LSZ. These methods, however, have not been sufficiently effective, given the potential loss of capital, life, and product in the event of a failure of a control system or industrial process.
As such, the inventors have recognized the need for apparatus, systems, network platforms, and methods that can provide cyber security protection for industrial processes; for Energy, Power and Utilities systems and networks; and for other industrial and non-industrial systems that require, for example, security and protection from less secure corporate or Internet connectivity. Also recognized is the need for apparatus, systems, platforms, and methods that can provide secure communications between the different zones such as, for example, a mission-critical SZ interfacing with facilities, systems, networks, computers or other user interface devices including those of end-users located in an LSZ, and that account for the full IP communication requirement of both data sources and data destinations.
Further recognized by the inventors is the need for apparatus, systems, platforms, and methods which provide for data exchange from the SZ to the LZ without full (unbroken and anti-evasion) IP communication end-to-end; that can eliminate the exchange of vulnerable files and malware between the SZ and LSZ, and vice versa; that can eliminate active links or sessions (bidirectional) between the SZ and LSZ; that can provide for controlled data exchange between the SZ and LSZ; that can prevent active files (those files having executable code and/or macros that cannot be transferred as text files or binary data, e.g., URL links, object-oriented executable files, among others, which can be carriers of computer worms or viruses) from being exchanged between the SZ and LSZ, and vice versa, by eliminating them from any data being exchanged; that can provide data exchange capabilities, preferably at the storage drive I/O level, between two different zones; and that can eliminate the need for network communication such as IP communications, physical Firewall(s) and/or DMZ(s) between the SZ and LSZ.
Once there is a system compromise of the Enterprise Resource Planning (ERP) storage, for example, or a compromise either in the corporate network or corporate LAN, any streaming data is generally lost en route or must be stored by the data source.
As such, recognized by the inventors is the need for an en route storage capacity to retain the data should the ERP storage become compromised or if data being transferred to the LSZ is being lost. Correspondingly, also recognized by the inventors is the need for apparatus, systems, platforms, and methods which provide for central data aggregation and delivery to the LSZ's systems (and LZ systems) and/or for manual data upload or download for disaster situations such as, for example, a central hub for data aggregation and exchange; which provide central data aggregation to be used in a disaster recovery plan; and which provide a central data aggregation for the SZ and LSZ systems to be used for data archiving and historization.